Secure circuit integrated with memory layer

ABSTRACT

An example secure circuit device includes a logic layer with a logic circuit, first and second memory layers, and connectors between the logic layer and the memory layers. The logic circuit executes logic operations in response to being in an unlocked state and does not execute logic operations in response to being in a locked state. The logic circuit is in the unlocked state in response to a security key being accessible and in the locked state when the security key is inaccessible. The first memory layer is disposed over a second memory layer with the first and second memory layers being disposed over the logic layer in a monolithic structure. The security key includes a first security key portion disposed in the first memory layer and a second security key portion disposed in the second memory layer.

BACKGROUND OF THE INVENTION

Security is a major concern for many applications of integrated circuits. Organizations invest considerable resources into the configuration of circuits, and many of these organizations wish to protect that investment. Circuits in certain applications may present inherent security concerns, such as circuits used for missile guidance systems or other sensitive military and government applications.

Due to the value of the information contained in integrated circuits, considerable efforts have been made in reverse engineering by both government and industry. Circuit transmissions can be monitored and decrypted, and the circuits themselves can be physically deconstructed by successive etching operations. Imaging operations such as scanning electron microscopy (SEM) can be conducted between successive etches to discover circuit architecture. Other imaging techniques can be used when a circuit is in operation to directly or indirectly detect heat or electricity.

Conventional methods for securing communication between integrated circuits and memory have been directed to encrypting the communications. However, this method has disadvantages. Communication circuitry is difficult to obscure, and therefore can be tapped by a dedicated reverse engineer. As technology develops, decryption techniques become more advanced, so communications that are secure today become less secure over the lifetime of a device. Some devices, such as certain aerospace applications, can have a long service life, so it is possible for current encryption techniques to become vulnerable during the lifetime of a device. In addition, if the key becomes known, access to a data stream is an undesirable vulnerability.

BRIEF SUMMARY OF THE INVENTION

Embodiments of the present invention may overcome one or more problems associated with circuit security, for example by embedding a security key on one or more memory layer disposed over a logic layer in a circuit device.

In one embodiment, a secure circuit device includes a logic layer, one or more memory layers comprising non-volatile memory cells disposed over the circuit layer and integrated with the logic layer, a plurality of connectors provided between the logic layer and the one or more memory layers to electrically couple the logic layer and the one or more memory layers, and a security key disposed in the non-volatile memory cells of at least one memory layer, the security key being a key required for enabling access to the logic layer for operation.

The security circuit may include a first memory layer and a second memory layer, and non-volatile memory cells storing the security key may be one time programmable memory cells. The non-volatile memory cells may be resistive memory cells arranged in a crossbar configuration.

In an embodiment, the memory layers may include two terminal cells in a resistive memory (RRAM) a phase-change memory (PCRAM), a ferroelectric memory (FERAM), or a magnetic memory (MRAM).

A security key may include portions with a first key portion disposed in a first area, and a second key portion disposed in a second area that is vertically located with respect to the first area. In such an embodiment, the first area may be a first memory layer, and the second area may be a second memory layer disposed over the first memory layer, wherein the second security key portion is used to unlock the first security key portion, and the first security key portion is used to unlock the logic layer. An embodiment may further comprise a third security key portion disposed on a third memory layer in a third area that is vertically located with respect to the first area.

The present invention may be embodied on a system including a secure circuit device which includes a logic layer, one or more memory layers comprising non-volatile memory cells disposed over the logic layer and integrated with the logic layer in a monolithic structure, and a security key disposed in the non-volatile memory cells of at least one memory layer, the security key being a key required for enabling access to the logic layer for operation. The one or more memory layers may include a first memory layer and a second memory layer.

In an embodiment, a security circuit in the system has security key that includes a first key portion disposed in a first area, and a second key portion disposed in a second area that is vertically located with respect to the first area. The first area may be a first memory layer, and the second area may be a second memory layer disposed over the first memory layer, wherein the second security key portion is used to unlock the first security key portion, and the first security key portion is used to unlock the logic layer. The circuit in the system may further include a third security key portion disposed on a third memory layer, wherein the first, second, and third security key portions are all needed to unlock the logic layer, and a dummy key disposed in one or more memory layer.

In an embodiment of the system, the non-volatile memory cells storing the security key may be one time programmable memory cells, and in an embodiment they may include two terminal cells. The non-volatile memory cells may be resistive memory cells arranged in a crossbar configuration. The logic layer may include one or more processing or computational elements, and the system may further comprise access logic, wherein the access logic is configured to receive the security key disposed in the non-volatile memory cells and is configured to enable access to the logic layer in response thereto.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates a lower layer of an integrated circuit device according to an embodiment of the present invention.

FIG. 2 illustrates a plurality of layers in an integrated circuit device according to an embodiment of the present invention.

FIG. 3 illustrates a memory cell according to an embodiment of the present invention.

FIGS. 4A and 4B illustrate electrical behavior of a memory cell according to an embodiment of the present invention.

FIGS. 5A and 5B illustrate physical states of a memory cell according to an embodiment of the present invention.

FIG. 6 illustrates a memory array according to an embodiment of the present invention.

FIG. 7 illustrates a plurality of memory layers according to an embodiment of the present invention.

FIGS. 8A to 8C illustrate memory and logic layers according to various embodiments of the present invention.

FIG. 9 illustrates a computer system according to an embodiment of the present invention.

FIG. 10 illustrates a packaged device according to an embodiment of the present invention.

FIG. 11 illustrates a system on a chip according to an embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

The present invention relates to a multi-layered secure device having one or more security keys distributed in one or more memory layers of the device to provide enhanced security. The memory layer is provided on top of a logic layer and form in a monolithic structure so that there would be no exposed wires (or connectors) therebetween. The wires or connectors used to couple the logic layer and the memory layer may be through silicon vias (TSV) or other suitable conductive structures.

FIG. 1 illustrates an integrated circuit device 100 comprises a plurality of layers according to an embodiment of the present invention. The first, or lowest, layer 110 of an integrated circuit may be an application specific integrated circuit (ASIC), a field programmable gate array (FPGA), a complex programmable logic device (CPLD), a microcontroller (MCU), or other type of circuit that interfaces with memory. The circuit may have set logic, such as an ASIC, programmable logic, such as an FPGA or CPLD, or a combination of set and programmable logic.

As shown in FIG. 1, in an embodiment, logic level 110 of an integrated circuit device may include a logic sector 112, an encryption module 114, a decryption module 116, and a security key 118. The presence of the modules and keys may vary according to the encryption implementation. Embodiments include memory embedded in an integrated circuit. In an embodiment, the security key 118 is stored in one or more memory layers that are provided on top of the logic layer, as will be explained in more detail below. Embodiments may also include memory embedded in the logic layer itself.

FIG. 2 shows an integrated circuit 100 with a plurality of memory layers (220-1 . . . n) disposed over logic level 110. Embodiments may include a first memory layer 220-1, first memory layer 220-1 and second memory layer 220-2, or n memory layers, where n is a whole number. Each memory layer includes non-volatile memory cells, and may include logic components as well. Although an exemplary embodiment is described below with a particular form of non-volatile memory, persons of skill in the art will recognize that various embodiments may include other forms of non-volatile memory.

FIG. 3 shows an embodiment of non-volatile memory that may be included in each memory layer 220. As shown in FIG. 3, non-volatile memory 300 includes a bottom electrode 302, a switching medium 304, and a top electrode 306. The switching medium 304 exhibits a resistance that can be selectively set to various values, and reset, using appropriate control circuitry. The memory 300 is two-terminal resistive memory, e.g., a resistive random-access memory (RRAM), in the exemplary embodiment.

The resistive memory device is a two-terminal device having a switching medium provided between top and bottom electrodes. The resistance of the switching medium can be controlled by applying an electrical signal to the electrodes. The electrical signal may be current-based or voltage-based, or may use a combination of current and voltage. As used herein, the term “RRAM” or “resistive memory device” or “resistive memory cell” refers to a memory device that uses a switching medium whose resistance can be controlled by applying an electrical signal without ferroelectricity, magnetization and phase change of the switching medium. Although RRAM is described in greater detail below, embodiments of the present invention may be implemented in various types of two terminal non-volatile memory, such as phase-change memory (PCRAM), ferroelectric memory (FERAM), and magnetic memory (MRAM).

In an embodiment, memory cells 300 use an amorphous-silicon-based resistive memory and use amorphous silicon (a-Si) as the switching medium 304. The resistance of the switching medium 304 changes according to formation or retrieval of a conductive filament inside the a-Si switching medium 304 according to a voltage applied. The top electrode 306 is a conductive layer containing silver (Ag) and acts as a source of filament-forming ions in the a-Si switching medium 304. Although silver is used in an exemplary embodiment, it will be understood that the top electrode 306 can be formed from various other suitable metals, such as gold (Au), nickel (Ni), aluminum (Al), chromium (Cr), iron (Fe), manganese (Mn), tungsten (W), vanadium (V), and cobalt (Co). The bottom electrode 302 is a boron-doped or other p-type polysilicon electrode that is in contact with a lower end face of the a-Si switching medium 304.

FIG. 4A illustrates resistance switching characteristics of the memory cell 300 according to an embodiment of the present invention. The switching medium 304 displays a bipolar switching mechanism. The resistance of the switching medium 304 changes depending on the polarity and magnitude of a current signal applied to the switching medium 304 via the top and bottom electrodes 306 and 302. The memory cell 300 is changed into an ON-state (low resistance state) when a positive voltage equal to or greater than a program threshold voltage (or program voltage) Vpth is applied. In an embodiment, the program voltage ranges between 1 volt to 5 volts depending on the materials used for the switching medium 304 and the top electrode 306. The memory cell 300 is switched back to an OFF-state (high resistance state) when a negative voltage equal to or greater than an erase threshold voltage (or erase voltage) Veth is applied. In an embodiment, the erase voltage ranges from −1 volts to −5 volts. The device state is not affected if the voltage applied is between the two threshold voltages Vpth and Veth, which enables a low-voltage, read process. Once the memory cell 300 is set to a specific resistance state, the memory cell 300 retains information for a certain period (or retention time) without electrical power.

FIG. 4A illustrates non-rectifying switching characteristics of the memory cell 300 according to an embodiment of the present invention. Electrical current flows from the top electrode 306 to the bottom electrode 302 when the top electrode 306 is applied with a positive potential with respect to the bottom electrode 302. On the other hand, the current flows in a reverse direction if the top electrode 306 is applied with a negative potential with respect to the bottom electrode 302.

FIG. 4B, on the other hand, illustrates rectifying switching characteristics of the memory cell 300 according to another embodiment of the present invention. Electrical current flows from the top electrode 306 to the bottom electrode 302 when the top electrode 306 is applied with a positive potential with respect to the bottom electrode 302, but the current does not flow in the reverse direction even if the top electrode 306 is applied with a negative potential with respect to the bottom electrode 302. Under this embodiment, the device 300 exhibits a diode-like behavior and can be represented with an equivalent circuit including a resistor connected in series with a diode. The memory cell 300 can be controlled to exhibit either rectifying or non-rectifying characteristics by controlling the amount of current flowing through the device.

FIGS. 5A and 5B illustrate a switching mechanism of the memory cell 300 during the ON and OFF states according to an embodiment of the present invention. The switching in the a-Si switching medium 304 is based on formation and retrieval of a conductive filament or a plurality of filaments in a filament region in the a-Si switching medium 304 according to the program and erase voltages applied to the electrodes 302 and 306 of the memory cell 300.

FIG. 5A illustrates the device 300 that is placed in the ON state (or programmed state) by applying the program voltage Vpth to the top electrode 306. The switching medium 304 made of a-Si is provided between the bottom electrode 302 and the top electrode 306. An upper portion of the switching medium 304 includes a metallic region (or conductive path) 502 that extends from the top electrode 306 to about 10 nm above the bottom electrode 302. The metallic region 502 is formed during an electroforming process when a slightly larger voltage than a subsequent switching voltage, e.g., 1˜5 V, is applied to the top electrode 306. This large voltage causes the electric field induced diffusion of the metal ions from the top electrode 306 toward the bottom electrode 302, thereby forming a continuous conductive path 503.

A lower portion of the switching medium 304 defines a filament region 504 wherein a filament 505 is formed when the program voltage Vpth is applied after the electroforming process. The regions 503 and 505 can be also formed together during the electroforming process. The filament 505 includes a series of metal particles that are trapped in defect sites in the lower portion of the switching medium 304 when the program voltage Vpth applied provides sufficient activation energy to push a number of metal ions from the metallic region 502 toward the bottom electrode 302.

The filament 505 comprises a collection of metal particles that are separated from each other by the non-conducting switching medium and does not define a continuous conductive path, unlike the path 503 in the metallic region 502. The filament 505 extends about 2-10 nm depending on implementation. The conduction mechanism in the ON state is electrons tunneling through the metal particles in the filament 505. The device resistance is dominated by the tunneling resistance between a metal particle 506 and the bottom electrode 302. The metal particle 506 is a metal particle in the filament region 504 that is closest to the bottom electrode 302 and is the last metal particle in the filament region 504 in the ON state.

Referring back to FIGS. 4A and 4B, the memory cell 300 can be controlled to exhibit a diode-like behavior by controlling the amount of current flowing through the memory cell 300. If the amount of current flowing through the memory cell 300 is less than a threshold amount, the device 300 exhibits a diode-like behavior, thereby preventing a reverse current flow from the bottom electrode 302 to the top electrode 306. In an embodiment, the threshold current is 10 μA so that the memory cell 300 exhibits non-rectifying characteristics (see FIG. 4A) if the amount of current is 10 μA or more and rectifying characteristics (see FIG. 4B) if the amount of current is less than 10 μA. The threshold current varies according to the device implementation, e.g., the materials used and the size of the memory cell 300.

A negative potential applied to the bottom electrode 302 causes the metal particle 506 closest to the bottom electrode 302 (see FIG. 5A) to shift slightly upward without dislodging it from the filament region 504. The resulting increased distance between the metal particle 506 and the bottom electrode 302 increases the resistance and prevents the current from flowing from the bottom electrode 302 to the metal particle 506. If the current, however, is equal to or greater than the threshold level, the large current bursts through the metal particle 506 from the bottom electrode 302.

FIG. 6 illustrates a non-crystalline or a-Si based crossbar memory array 600 according to an embodiment of the present invention. The crossbar memory array 600 includes a parallel array of bottom electrodes 602 extending along a first direction. In an embodiment, the bottom electrodes 602 include a bottom metal (not shown) and a p-type polysilicon (not shown) formed on the bottom metal. The bottom electrodes 602 are nanoscale in an embodiment. For example, the bottom electrodes 602 may have a width of about 40 nm and a pitch of about 80 nm.

A parallel array of top electrodes 604 extends along a second direction to intersect the bottom electrodes 602. The top electrodes 604 include metals capable of supplying filament-forming ions such as silver (Ag), gold (Au), nickel (Ni), aluminum (Al), chromium (Cr), iron (Fe), manganese (Mn), tungsten (W), vanadium (V) and cobalt (Co). In an embodiment, the top electrodes 604 and the bottom electrodes 602 are orthogonal to each other. The top electrodes 604 are nanowires having a width of about 60 nm and a pitch of about 120 nm.

Each intersection 606 of the two arrays 602 and 604 defines a two-terminal resistive memory cell 608. The memory cell 608 at each intersection 606 includes two electrodes 602 and 604 separated by a switching layer 610. The switching layer or structure can have a width substantially the same as or narrower than that of the bottom electrode 602. In some embodiments, each memory cell in a crossbar memory array can store a single bit. In other embodiments, the memory cells exhibit multi-level resistance thereby allowing storage of a plurality of bits at each cell. In an embodiment, the switching layer 610 includes amorphous silicon or other non-crystalline silicon, but embodiments of the invention are not limited thereto.

In an embodiment, referring to FIG. 2, memory layers 220 are electrically coupled to logic layer 110 and to other memory layers 220 by through silicon vias (TSVs). To enhance thermal performance, the memory cells of memory layers 220 may be disposed towards outer edges of the chip, so that memory cells are not directly disposed over logic components. Each successive memory layer 220 may be arranged in such a manner, so that a portion of upper memory layers does not overlap with portions of lower memory layers.

In an embodiment where memory layers 220 only store keys and a relatively small amount of data or no data, memory cells storing one or more key 118 may be distributed across relatively large areas of the underlying circuit 100. A broad distribution of memory cells can help obscure the location of a key, especially when multiple keys are present.

Referring to FIG. 7, one or more memory layer 220 may include an encryption module 114, a decryption module 116, and a security key 118. Alternatively, each memory layer 220 may include a security key 118, but not an encryption module 114 or decryption module 116.

FIG. 8A illustrates the integrated circuit device 100 having logic layer 110 and one or more memory layers 220 disposed over the logic layer according to an embodiment of the present invention. Device 100 may include a single memory layer 220-1 having a security key 118 that is retrieved by logic layer 110 to unlock the device 100 for operation. Alternatively, the device 100 may include a plurality of security key 118 that are provided on different memory layers 220, and the device 100 determines which security key to use for unlocking the device. The security key 118 for unlocking may be selected randomly or in a predetermined sequence.

The one or more security key 118 in a memory layer 220 may be set at any phase of its lifecycle. The key could be set during the fabrication process, for example by setting memory states at or immediately following fabrication. In some applications, it may be desirable for the security key to be set by a customer further down the supply chain, such as an original equipment manufacturer, a reseller, or even an end user.

The security key 118 can be set by using a one-time programmable (OTP) process. An example of OTP process is an anti-fuse process, which is well known. In an embodiment, a memory layer 220 includes a large number of potential antifuse locations, so that it is difficult to determine which anti-fuses have been activated in a particular application through imaging techniques.

In an embodiment, a plurality of security keys 118 that are distributed on different memory layers 220-1 to 220-n may include “dummy” keys that are not used by the device 100, but are provided to make it more difficult to determine which security key is used by the device 100.

FIG. 8B illustrates a security key 118 having a plurality of components that are distributed in a plurality of memory layers 220 according to an embodiment of the present invention. These components are put together by the logic 110 and the device 100 can be unlocked only if the all the components are safely brought together by the logic 100. If any one of the key component is destroyed by a reverse engineering effort, the device 100 could not be unlocked. For example, if the security key 118 uses a 256-bit key, the key can be divided into four 64-bit key components 118-1 to 118-4 and stored in four different memory layers 220. Alternatively, more than one key component may be stored on different locations of a given memory layer 220.

In an embodiment, data are in the memory layers 220 are encrypted using keys as shown in FIG. 8C. Symmetrical keys are used to encrypt the data transmission, where one or more key 118 disposed on logic layer 110 corresponds to one or more key 118 disposed on memory layers 220. Alternatively, the keys 118 may all be stored in the memory layers 220.

The keys 118 could be distributed among the memory layers 220 in a convoluted fashion to further obscure key values and locations. For example, the key 118 used by logic layer 110 to decrypt data from memory layer 220-1 may be stored on memory layer 220-2, or portions of each key may be distributed among several memory layers as discussed above with respect to FIG. 8B. Having a plurality of keys present in various forms and layers enhances the difficulty of reverse engineering a circuit 100.

Any number of encryption schemes may be used by embodiments of the present invention. For example, the device 100 may use the data encryption standard (DES) or the advanced encryption standard (AES) with one or more keys 118 of an arbitrary length. Embodiments can implement symmetric key or asymmetric keys as appropriate. Embodiments of the present invention are not limited to any particular length or encryption scheme.

Different encryption schemes can be used in the same device 100 for different purposes. For example, external communications may use AES, while internal storage may be encrypted with DES.

In an embodiment, the device 100 includes a field programmable gate array (FPGA) so that the logic can be configured after the circuit is fabricated. The logic configuration of an FPGA is stored (programmed) in a memory, and is loaded into the logic when power is applied to the circuit. This communication may involve a bit stream up to millions of bits, depending on the complexity of the logic. In a secure implementation, these bits are encrypted.

Device 100 having memory layers 220 with one or more security keys 118 provides enhanced security compared to a conventional FPGA device. In such a conventional FPGA device, the memory is disposed in a separate module from the logic so that the wiring between the logic and the memory is exposed and vulnerable to monitoring by a reverse engineer. The device 100, on the other hand, does not have any exposed wires between the logic layer 110 and the memory layer 220 since the latter is formed on top of the logic layer 110.

In addition to providing secure intra-chip communications, an embodiment that uses an FPGA as a lower layer 110 can store keys 118 for communication with external devices. Embodiments described above with respect to FIGS. 1-8 can be implemented using an FPGA as a logic layer 110.

The present invention is not restricted to a particular configuration of the logic layer 110. As circuit technology progresses, the line between an ASIC, an FPGA, and other similar set or programmable circuits blurs as hybrid devices enter the market. Any of these circuits can implement security through one or more memory layers 220 as described herein.

A system employing a circuit device 100 as described above may be implemented in many different configurations. In one embodiment, as shown in FIG. 9, the device 100 is implemented in a computer system 900. Although FIG. 9 shows device 100 as being discrete from computer subsystems, it can be implemented as a component of any of the subsystems or other components, such as storage subsystem 912, network interface 906, or user interface output devices 908.

FIG. 9 is a simplified block diagram of an exemplary computer system 900 according to an embodiment of the present invention. Computer system 900 typically includes at least one processor 904, which communicates with a number of peripheral devices via bus subsystem 902. These peripheral devices typically include a storage subsystem 912, comprising a memory subsystem 914 and a file storage subsystem 920, user interface input devices 910, user interface output devices 908, and a network interface subsystem 906. The input and output devices allow user interaction with computer system 900. It should be apparent that the user may be a human user, a device, a process, another computer, and the like. Network interface subsystem 906 provides an interface to outside networks, including an interface to communication network 922, and is coupled via communication network 922 to corresponding interface devices in other computer systems.

User interface input devices 910 may include a keyboard, pointing devices such as a mouse, trackball, touchpad, or graphics tablet, a scanner, a barcode scanner for scanning article barcodes, a touchscreen incorporated into the display, audio input devices such as voice recognition systems, microphones, and other types of input devices. In general, use of the term “input device” is intended to include all possible types of devices and ways to input information into computer system 900 or onto communication network 922.

User interface output devices 908 may include a display subsystem, a printer, a fax machine, or non-visual displays such as audio output devices. The display subsystem may be a cathode ray tube (CRT), a flat-panel device such as a liquid crystal display (LCD), or a projection device. The display subsystem may also provide non-visual display such as via audio output devices. In general, use of the term “output device” is intended to include all possible types of devices and ways to output information from computer system 900 to a user or to another machine or computer system.

Storage subsystem 912 stores the basic programming and data constructs that provide the functionality of the computer system. For example, the various modules implementing the functionality of the present invention may be stored in storage subsystem 912. These software modules are generally executed by processor(s) 904. In a distributed environment, the software modules may be stored on a plurality of computer systems and executed by processors of the plurality of computer systems. Storage subsystem 912 also provides a repository for storing the various databases storing information according to the present invention. Storage subsystem 912 typically comprises memory subsystem 914 and file storage subsystem 920.

Memory subsystem 914 typically includes a number of memories including a main random access memory (RAM) 918 for storage of instructions and data during program execution and a read only memory (ROM) 916 in which fixed instructions are stored. File storage subsystem 920 provides persistent (non-volatile) storage for program and data files, and may include a hard disk drive, a floppy disk drive along with associated removable media, a Compact Digital Read Only Memory (CD-ROM) drive, an optical drive, removable media cartridges, and other like storage media. One or more of the drives may be located at remote locations on other connected computers at another site on communication network 922.

Bus subsystem 902 provides a mechanism for letting the various components and subsystems of computer system 900 communicate with each other as intended. The various subsystems and components of computer system 900 need not be at the same physical location but may be distributed at various locations within a distributed network. Although bus subsystem 902 is shown schematically as a single bus, alternative embodiments of the bus subsystem may utilize multiple busses.

Computer system 900 can be of varying types including a personal computer, a portable computer, a workstation, a computer terminal, a network computer, a mainframe, a handheld communication device, or any other data processing system. Due to the ever-changing nature of computers and networks, the description of computer system 900 depicted in FIG. 9 is intended only as a specific example for purposes of illustrating the computer system. Many other configurations of a computer system are possible having more or fewer components than the computer system depicted in FIG. 9. Client computer systems and server computer systems generally have the same configuration as shown in FIG. 9, with the server systems generally having more storage capacity and computing power than the client systems.

Another example of a system which may incorporate device 100 is a packaged device 1000, as shown in FIG. 10. Packaged device 1000 may include one or more processors 1002, memory 1004, I/O port 1006, and electrical components such as a resistor 1008 and a capacitor 1010. The I/O port 1006 may be a typical interface such as a universal serial bus (USB), a proprietary interface, or the like. In some embodiments, the interface may use light or radio waves to transmit data into and out of the system in a package 1000. A system in a package 1000 may be incorporated along with other components into a device such as a computer system 900 or another electronic device.

Yet another example of a system which may incorporate device 100 is a system on a chip 1100, as shown in FIG. 11. A system on a chip may comprise one or more processor 1102, memory 1104, 110 interface 1106, and power management module 1108, all integrated into a single chip. Persons of skill in the art will recognize that various embodiments of a system on a chip 1100 may have more or less components than those shown in FIG. 11. Various components may be disposed on the same layer, or stacked above one another on separate layers.

Embodiments according to the present disclosure have advantages over conventional devices. For example, certain security functions may be made redundant by a multi-layered secure device 100. An exemplary function that may be made redundant is a checksum operation that is conducted for security purposes, particularly in telecom applications. Although a checksum operation may still be performed to ensure data accuracy, in an embodiment, it may not be necessary to perform a checksum to determine whether a device has been compromised. Eliminating such functions may reduce the cost and complexity of devices according to the above disclosure, as well as reducing boot and transmission times.

An exemplary embodiment comprising a plurality of memory layers 220, each comprising a security key 118 or security key portion 118-n, makes it considerably more difficult to reverse engineer a circuit 100. To accurately image the lower logic level 110, a reverse engineer etches upper memory layers 118-1 to 118-n, thereby destroying security keys 118 and any additional data stored in memory. With the security keys destroyed, the device will not function, making it more difficult to image operations of the logic layer 110.

Persons of skill in the art will recognize these and other advantages. Although the invention has been described using structures of exemplary embodiments, embodiments of the invention are not necessarily limited thereto. The above description is intended to be illustrative, and not limiting. 

What is claimed is:
 1. A secure semiconductor chip comprising: a logic layer that comprises a logic circuit formed within the logic layer, wherein the logic circuit executes logic operations in response to being in an unlocked state and that does not execute logic operations in response to being in a locked state, wherein the logic circuit is in the unlocked state in response to a security key being determined to be accessible and is in the locked state in response to the security key being determined to be inaccessible; a first memory layer disposed over a second memory layer, the first and second memory layers comprising non-volatile memory cells disposed over the logic layer and integrated with the logic layer in a monolithic structure embodying the secure semiconductor chip; and a plurality of connectors within through hole vias provided between the logic layer and the first and second memory layers facilitating intra-chip communication within an interior of the secure semiconductor chip, wherein the plurality of connectors electrically and communicatively couple the logic circuit of the logic layer and the first and second memory layers; wherein the security key comprises: a first security key portion disposed in the non-volatile memory cells of the first memory layer, and a second security key portion disposed in the non-volatile memory cells of the second memory layer.
 2. The secure semiconductor chip of claim 1, wherein the first security key portion is encrypted and the second security key portion is a portion of a second security key that decrypts the first security key portion.
 3. The secure semiconductor chip of claim 1, wherein the security key further comprises a third security key portion disposed on a third memory layer.
 4. The secure semiconductor chip of claim 1, wherein the non-volatile memory cells storing respective portions of the security key are one time programmable memory cells.
 5. The secure semiconductor chip of claim 1, wherein the memory cells of the first or second memory layers are two terminal cells.
 6. The secure semiconductor chip of claim 5, wherein the two terminal cells are memory cells in a resistive memory (RRAM), a phase-change memory (PCRAM), a ferroelectric memory (FERAM), or a magnetic memory (MRAM).
 7. The secure semiconductor chip of claim 1, further comprising a dummy key disposed in the first memory layer or the second memory layer.
 8. The secure semiconductor chip of claim 1, wherein the non-volatile memory cells are resistive memory cells arranged in a crossbar configuration.
 9. The secure semiconductor chip of claim 1, wherein the first and second security key portions are portions of the security key and wherein the security key is divided among the first and second memory layers.
 10. The secure semiconductor chip of claim 1, wherein the security key is determined to be inaccessible in response to damage to, or removal of, a portion of the first memory layer or the second memory layer that stores a portion of the security key.
 11. The secure semiconductor chip of claim 1, wherein the locked state represents a state in which the logic circuit does not execute any logical operation of a set of all logical operations that are executable by the logic circuit in the unlocked state.
 12. A circuit device comprising a secure semiconductor chip, the secure semiconductor chip comprising: a logic layer comprising a logic circuit formed within the logic layer that, in response to a security key being determined to be valid, is unlocked characterized by executing instructions that facilitate performance of operations of the secure semiconductor chip and that, in response to the security key being determined to be invalid, is locked characterized by not permitting execution of the instructions that are executable when unlocked; and a first memory layer disposed over a second memory layer, the first and second memory layers disposed over the logic layer and integrated with the logic layer in a monolithic structure embodying the secure semiconductor chip; a plurality of electrical connectors within through hole vias between the logic layer and the first memory layer and the second memory layer facilitating intra-chip communication between the logic layer and the first and second memory layers, wherein the plurality of electrical connectors are unexposed to an exterior of the secure semiconductor chip and wherein the logic layer is configured to access the security key internally to the secure semiconductor chip; and wherein the security key comprises: a first security key portion disposed in the first memory layer; and a second security key portion disposed in the second memory layer.
 13. The circuit device comprising the secure semiconductor chip of claim 12, wherein the second security key portion is a portion of a first security key used to unlock the first security key portion, and the first security key portion is a portion of a second security key used to unlock the logic layer.
 14. The circuit device comprising the secure semiconductor chip of claim 12, further comprising a third security key portion disposed on a third memory layer, wherein a combination of the first, second, and third security key portions unlock the logic layer.
 15. The circuit device comprising the secure semiconductor chip of claim 12, wherein the first and second memory layers comprise memory cells disposed toward respective outer edges of the secure semiconductor chip such that a portion of memory cells of the first memory layer do not overlap a second portion of memory cells of the second memory layer.
 16. The circuit device comprising the secure semiconductor chip of claim 15, wherein the memory cells are two terminal cells.
 17. The circuit device comprising the secure semiconductor chip of claim 15, wherein the memory cells are resistive memory cells arranged in a crossbar configuration.
 18. The circuit device comprising the secure semiconductor chip of claim 12, further comprising a dummy key disposed in the first memory layer or the second memory layer.
 19. The circuit device comprising the secure semiconductor chip of claim 12 wherein the logic layer includes a processor, an application specific integrated circuit or a field programmable gate array.
 20. The circuit device comprising the secure semiconductor chip of claim 12 further comprising access logic, wherein the access logic is configured to receive the second security key portion and is configured to enable access to the logic layer in response thereto.
 21. The circuit device comprising the secure semiconductor chip of claim 12, wherein the first and second security key portions are portions of the security key wherein the security key is divided among the first and second memory layers. 